HTC Security Flaw Lets Malicious Apps Steal Wi-Fi Passwords

HTC recently acknowledged a security flaw in its handsets that allowed malicious apps to steal Wi-Fi passwords.  This type of flaw could potentially allow for targeted exploitation of a company or residential network.  Luckily, HTC and Google were very responsive and a fix has already been developed and deployed.  It was actually discovered in September 2011, but was kept a secret publicly until Google and HTC had time to address it and provide the appropriate fixes.

According to the U.S. Computer Emergency Readiness Team (US-CERT), the devices affected by the security flaw include the Desire HD, Glacier, Droid Incredible, Thunderbolt 4G, Sensation Z710e, Sensation 4G, Desire S, EVO 3D and EVO 4G.

This is a prime example of why Apple has such a strict acceptance policy of the apps that are allowed in the iTunes App Store.  They monitor the code and test the apps before releasing them to the public to avoid problems.  That said, there have been apps that mistakingly made their way into the store.

http://www.gadgetbox.msnbc.msn.com/technology/technolog/htc-security-flaw-lets-malicious-apps-steal-wi-fi-passwords-24096

http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html

Advertisements

One thought on “HTC Security Flaw Lets Malicious Apps Steal Wi-Fi Passwords

  1. Personally, I do not approve of how this security flaw was kept secret. In my opinion, the flaw should have been disclosed to the public as soon as it was discovered to minimize potential damage that could have been done had the public continued to expose themselves to this security hole. While the company may get more complaints for taking “longer” for issuing a fix, the potential risk for damage would have at least been reduced a bit, which should be the main concern, no?

    Also, one big difference between the Android Market and the App Store: Apple only needs to test apps with a handful of devices; something Google cannot easily do, with the thousands of available Android-running models in circulation. Apple can test for many more things, such as compatibility with all its devices, hardware changes, etc. Google does not have the resources and time to do such a thing with thousands of devices from different manufacturers and hardware sources. This has been known to be a big issue, named “Android Fragmentation”.

Comments are closed.